Technical Role
SOC staff monitor information systems for alarms and conditions to prevent, detect and manage cyber-attacks and other IT security incidents. They normally follow processes and procedures based on information security management and computer security incident management. They often employ tools such as network discovery and vulnerability assessment systems; governance, risk and compliance (GRC) systems; web site assessment and monitoring systems, application and database scanners; penetration testing tools; intrusion detection systems (IDS); intrusion prevention system (IPS); log management systems; security information and event management (SIEM); network behavior analysis and denial of service monitoring; wireless intrusion prevention system; firewalls, enterprise antivirus and unified threat management (UTM).
The SOC typically scans applications and identifies security vulnerabilities and their potential business impact. The SOC works with the application business owners and IT staff to ensure understanding and help them appropriately correct weaknesses before they are exploited. The SOC also monitors applications to identify a possible cyber-attack or intrusion (event) and determine if it is a real, malicious threat (incident), and if it could have business impact. The SOC manages incidents for the enterprise, ensuring they are properly identified, analyzed, communicated, actioned/defended, investigated and reported.
SOC engineers and watch officers are seasoned information and communication systems professionals. They are usually trained in computer engineering, cryptography, network engineering, or computer science and are credentialed (e.g. Certified Information Systems Security Professional (CISSP) from (ISC)², GIAC from SANS, or Certified Information Security Manager (CISM) from ISACA).
SOCs are usually well protected with physical, electronic, computer, and personnel security. Centers are often laid out with desks facing a video wall that displays significant status, events and alarms, and ongoing incidents. A corner of the wall is sometimes used to show a news or weather TV channel, as this can keep the SOC staff aware of current events that may have an impact on information systems. The back wall of the SOC is often transparent, with a room attached to it that team members use to meet while still able to watch events unfolding in the SOC. Individual desks are generally assigned to a specific group of systems, technology or geographic area. A security engineer or security technician may have several computer monitors on their desk, with the extra monitors used for monitoring the systems covered from that desk.